Important When you install this update (3000850) from Windows Update, updates 3016437, 3003057, and 3014442 are included in the installation.

The November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 resolves issues and includes performance and reliability improvements. We recommend that you apply this update rollup as part of your regular maintenance routines. Check out the fixed issues in this update. Also notice that there is a prerequisite and a restart requirement to apply this update.

New features and improvements

This update rollup includes the following new features and improvements:

Additional hardware support (devices that have third-party disk encryption software enabled can now be upgraded to Windows 8.1 more easily)

This November update rollup also includes all previous updates since the previous image update in April 2014. This is a convenient single step to bring Windows clients and servers up to date. Unlike our April update, the November update rollup is not required to be able to continue to receive security or other updates. However, we strongly recommend that you deploy it to Windows clients and servers to benefit from these new features and improvements as well as to prevent many known issues that have been resolved since April. This update is thoroughly tested to the same quality level as our previous service packs. However, unlike service packs, this update does not change the version number and does not deprecate or change any APIs in a manner that would require recertification.

Issues that this update resolves

This update package fixes the problems that are documented in the following Microsoft Knowledge Base articles.

Known issues in this update

You receive a 0x800f0922 or 0x80070005 error message when you try to install this update

SymptomsAssume that you have either of the following configurations:

You have a Windows Server 2012 R2 server that is running on hardware that has UEFI that has Secure Boot enabled.

You have a Windows Server 2012 R2-based Hyper-V host that is running, and you are running a Generation 2 virtual machine guest that uses UEFI firmware support and that has the Secure Boot option enabled. Additionally, the guest virtual machine is running Windows Server 2012 R2.

In these configurations, update 3000850 may not be installed, and you receive a 0x800f0922 or 0x80070005 error message.

SolutionTo resolve this problem, follow these steps:

Install the updated servicing stack update 2975061, and then restart the computer.

Try to reinstall this update.

The computer may crash if you restore the system to a restore point that was created before update rollup 3000850 was installed

Notes

This problem applies only to Windows 8.1 editions.

An installation of a Windows update typically creates a restore point to which the system can be rolled back in case the installation or the updates cause any problems. In this case, the computer may experience startup failures if you try to roll back the system to a restore point that was created before you installed update rollup 3000850.

If the computer has Windows Recovery Environment (WRE) configured, the system automatically restores itself to the last-known working state.

WorkaroundTo work around this problem, use the Programs and Features item in Control Panel instead of System Restore. To do this, click View installed updates in the navigation panel in Programs and Features, select KB3000850 in the list, and then click Uninstall.

After you apply this update on a computer, the computer does not respond during shutdown if you have enabled Fast Startup.

Solution

If you do not encounter the issue but have enabled Fast Startup, install hotfix 3042085 before you apply the November 2014 update.If you have encountered the issue, to work around this issue, restart your computer.

Adding new account in Windows Live Mail 2012 fails with error 0x80090345.

Saving RDP passwords fails with no apparent error.

Opening Credential Manager fails with error 0x80090345.

Explorer hangs when encrypting a file. A WPA trace contains the following signature:

Explorer taking ~664 seconds to Encrypt a file. TID #3376. This is being serviced by LSASS TID #1488 .LSASS TID#3848 is executing the sspCryptUnprotectData call which leads into GetMasterKey. GetMasterKey is taking ~664 seconds (TimesinceLast). LSASS TID 3848. We spend the whole time waiting on LSASS TID 576 which is performing DCLocator pings to find a DC.File Encryption delay/hang is also accounted by the same code change where the backup is required.

WorkaroundTo work around this problem, set the value of the ProtectionPolicy registry entry to 1 to enable local backup of the MasterKey instead of requiring a RWDC in the following registry subkey:

Method 1: Windows Update

Open Windows Update by swiping in from the right edge of the screen (or point to the lower-right corner of the screen and move the mouse pointer up), tap or click Settings, tap or click Change PC settings, and then tap or click Update and recovery.

Tap or click Check now, and then wait while Windows looks for the latest updates for your computer.

If updates are found, tap or click Install updates.

Select update 3000850 under Optional, and then tap or click Install.

Note You might have to restart your computer to finish installing some updates. Save and close your files and apps before you restart so that you do not lose any work or data.

The update for Windows RT 8.1 can be obtained only from Windows Update.

Update KB3016437 is applicable only to computers that have the Windows Server 2012 R2 Active Directory Domain Services (AD DS) role enabled. If you try to install KB3016437 on a Windows client or a Windows server on which AD DS role is not turned on, the update does not install. There are no other adverse effects.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information

Prerequisites

To apply this update, you must first install update 2919355 on Windows 8.1 or Windows Server 2012 R2.

Restart information

You must restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.

File information

The following table lists the thumbprints of the certificates that are used to sign the updates (.msu). Verify the certificate thumbprint in this Microsoft Knowledge Base article against the certificate thumbprint indicated on the update that you download.